I have searched a long time and tried many things but nothing with success.
A similar topic was posted by icanfly at post viewtopic.php?t=139205 but the solution is not working for me. I don't know why.

In my setup I have a VDSL modem (Vigor 165) in "bridge mode" and connected to a Mikrotik RB 750G r3.
On the LAN side I'm using a pfSense Firewall which is the default gateway for my LAN. The gateway of the pfSense is the Mikrotik router.
For more details see the attached diagram:

Internet is working, and also my LAN is working fine but I can't access the modem web interface.
Can someone help me please?

It seems that the issue is routing-related or source/masquerade-related. Can you post again in a separate code your current /ip firewall nat of the MikroTIk and also the routing tables of both the PfSense and the MikroTik.

It seems that the issue is routing-related or source/masquerade-related. Can you post again in a separate code your current /ip firewall nat of the MikroTIk and also the routing tables of both the PfSense and the MikroTik.

Wow - Thanks for the tip with the pfSense routing table...! Now I knew what the root cause was!
My network is a little bit more complicated than described at the picture. In reality I have two pfSense which are configured as high available using CARP.
What I completely have forgotten is that the SYNC Interface between the pfSense is using the same subnet.

So my solution was really simple: Changing the subnet from 172.16.2.0/24 to 172.16.3.0/24. The ether1 has now 172.16.3.250 and the Vigor has now 172.16.3.248. Also changed the nat rule to match the new vigor IP and now I can access the webui of my modem.